
Summary

Real-time systems are characterised not only by the need for
functional correctness, but also the need for timing
correctness. Today, real-time embedded systems are found in many
diverse application areas including automotive electronics, avionics,
and space systems. In these areas, technological progress is resulting
in rapid increases in both software complexity and processing
demands. To address the demand for increased processor performance,
silicon vendors no longer concentrate on increasing processor clock
speeds, as this approach has led to problems with high power
consumption and excessive heat dissipation. Instead, technological
development has shifted to multicore processors, with multiple CPUs
integrated onto a single chip. The broad technology trend is towards
much larger numbers of cores, referred to as manycore, requiring
network-on-chip rather than bus interconnects.

Requirements on Size, Weight and Power consumption, as well as
unremitting cost pressures, are pushing developments in avionics
and automotive electronics towards the adoption of powerful embedded
multicore processors, with a longer term vision of migrating to
manycore. With the adoption of such technology comes the opportunity
to combine different applications on the same platform, potentially
dramatically reducing assembly and production costs, while also
improving reliability through a reduction in harnessing. Different
applications may have different criticality levels
(e.g. safety-critical, mission-critical, non-critical) designating the
level of assurance needed against failure. For example, in automotive
electronics, cruise control is a low criticality application, whereas
electric steering assistance is of high criticality. In an aerospace
context, flight control and surveillance applications in Unmanned
Aerial Vehicles are of high and low criticality
respectively. The very low acceptable failure rates (e.g. 10^{-9}
failures per hour) for high criticality applications imply the need
for significantly more rigorous and costly development and
verification processes than required by low criticality applications.

Combining high and low criticality applications on the same hardware
platform raises issues of time separation and composition; it must be
possible to prevent the timing behaviour of high criticality
applications from being disturbed by low criticality ones, otherwise
both need to be engineered to the same rigorous and expensive
standards. Simple methods of achieving this separation, such as time
partitioning or allocation to different cores, can however be wasteful
of processing resources. They may require more expensive hardware than
necessary, increasing production costs, which is something industry is
strongly motivated to avoid. Time composability is needed so that the
timing behaviour of applications, determined in isolation, remains
valid when they are composed during system integration. Without time
composability, integration of complex applications would become
infeasibly expensive.
The transformation of real-time embedded systems into mixed
criticality multicore and manycore systems is recognised as a
strategically important research area in Europe and the USA.

The seminar focused on the two key conflicting requirements of
Mixed Criticality Systems: separation between criticality levels for
assurance and sharing for resource efficiency, along with the related
requirement of time composability. The key research questions
addressed were:

How to provide effective guarantees of real-time performance to applications of different criticality levels via intelligent sharing of resources while respecting the requirements for asymmetric separation / isolation between criticality levels?

How to provide asymmetric time separation between applications with different levels of criticality so that the impact of lower criticality applications on those of higher criticality can be tightly bounded independent of the behaviour or misbehaviour of the former, without significantly compromising guaranteed real-time performance?

How to provide time composability for applications of different criticality levels, so that the timing behaviour of applications determined in isolation remains valid when they are composed during system integration?

The sessions of the seminar were structured around a set of
themes. Particular attention was given to the interfaces between
themes, as these are the areas that can benefit most from improved
understanding and collaboration. The discussion groups were organized around the following themes that correspond to research challenges in mixed criticality systems (MCS):

Platforms and Experimental Evaluation (see Section 5.1);

Worst-Case Execution Time (see Section 5.2);

Criticality (see Section 5.3);

Probabilistic (see Section 5.4).

Organization of the Seminar

The seminar took place from 15th to 20th March 2015. The first day started with a keynote talk by Prof. Alan Burns (University of York), one of the most
influential researchers in the Real-Time Systems field over the last
25 years. Alan reviewed advances in MCS research and underlined current open problems. An overview of his talk is provided in Section 3. The first day ended with presentations and feedback on real implementations (see Section 4) as well as identifying the main themes for group discussion.

The following three days started with presentations, which were followed by
discussions either within the identified groups or in an open format.

The second day started with discussions about the motivation for
mixed-criticality systems presented by three different participants (see
Sections 4.4, 4.5 and 4.6). Different notations are used by different
sub-communities and several presentations underlined these differences (see Sections 4.7, 4.8 and 4.9). An outline of the main ideas for probabilistic
analysis of real-time systems provided the topics for the discussion
group on probabilistic MCS (see Sections 4.10 and 4.11).

The morning of the third day commenced with discussions on the relation between time and MCS (see Section 4.11), which continued into the afternoon's hiking activity.

Starting from the fourth day, a slot dedicated to anonymous mixed
criticality supporters was added to the program allowing researchers new to the topic to identify open problems in MCS from the perspective of their different domains.

As detailed later in this report, the seminar enabled the real-time community to make important progress in articulating and reaching a common
understanding on the key open problems in mixed criticality systems, as well as attracting new researchers to these open problems (see Section 6). The seminar also provided an ideal venue for commencing new collaborations, a number of which are progressing towards new research publications (see Section 7).

The seminar has helped define a research agenda for the coming years that could be supported by follow-up events, given the strong interest expressed by the participants of this seminar.

As organizers, we would like to thank Prof. Reinhard Wilhelm for
encouraging us to submit the seminar proposal, Dagstuhl's Scientific
Directorate for allowing us to run a seminar on mixed criticality
systems, and the staff at Schloss Dagstuhl for their superb support
during the seminar itself. Finally, we would like to thank all of the
participants for their strong interaction, presentations, group
discussions, and work on open problems, sometimes into the early hours
of the morning. We were very pleased to hear about the progress of
newfound collaborations, and to receive such positive feedback about the
seminar itself. Thank you to everyone who participated for a most
enjoyable and fruitful seminar.